// Copyright 2019 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // https://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. // Code generated by gapic-generator. DO NOT EDIT. package admin import ( "context" "math" "time" "github.com/golang/protobuf/proto" gax "github.com/googleapis/gax-go/v2" "google.golang.org/api/iterator" "google.golang.org/api/option" "google.golang.org/api/transport" adminpb "google.golang.org/genproto/googleapis/iam/admin/v1" iampb "google.golang.org/genproto/googleapis/iam/v1" "google.golang.org/grpc" "google.golang.org/grpc/codes" "google.golang.org/grpc/metadata" ) // IamCallOptions contains the retry settings for each method of IamClient. type IamCallOptions struct { ListServiceAccounts []gax.CallOption GetServiceAccount []gax.CallOption CreateServiceAccount []gax.CallOption UpdateServiceAccount []gax.CallOption DeleteServiceAccount []gax.CallOption ListServiceAccountKeys []gax.CallOption GetServiceAccountKey []gax.CallOption CreateServiceAccountKey []gax.CallOption DeleteServiceAccountKey []gax.CallOption SignBlob []gax.CallOption GetIamPolicy []gax.CallOption SetIamPolicy []gax.CallOption TestIamPermissions []gax.CallOption QueryGrantableRoles []gax.CallOption SignJwt []gax.CallOption } func defaultIamClientOptions() []option.ClientOption { return []option.ClientOption{ option.WithEndpoint("iam.googleapis.com:443"), option.WithScopes(DefaultAuthScopes()...), } } func defaultIamCallOptions() *IamCallOptions { retry := map[[2]string][]gax.CallOption{ {"default", "idempotent"}: { gax.WithRetry(func() gax.Retryer { return gax.OnCodes([]codes.Code{ codes.DeadlineExceeded, codes.Unavailable, }, gax.Backoff{ Initial: 100 * time.Millisecond, Max: 60000 * time.Millisecond, Multiplier: 1.3, }) }), }, } return &IamCallOptions{ ListServiceAccounts: retry[[2]string{"default", "idempotent"}], GetServiceAccount: retry[[2]string{"default", "idempotent"}], CreateServiceAccount: retry[[2]string{"default", "non_idempotent"}], UpdateServiceAccount: retry[[2]string{"default", "idempotent"}], DeleteServiceAccount: retry[[2]string{"default", "idempotent"}], ListServiceAccountKeys: retry[[2]string{"default", "idempotent"}], GetServiceAccountKey: retry[[2]string{"default", "idempotent"}], CreateServiceAccountKey: retry[[2]string{"default", "non_idempotent"}], DeleteServiceAccountKey: retry[[2]string{"default", "idempotent"}], SignBlob: retry[[2]string{"default", "non_idempotent"}], GetIamPolicy: retry[[2]string{"default", "non_idempotent"}], SetIamPolicy: retry[[2]string{"default", "non_idempotent"}], TestIamPermissions: retry[[2]string{"default", "non_idempotent"}], QueryGrantableRoles: retry[[2]string{"default", "non_idempotent"}], SignJwt: retry[[2]string{"default", "non_idempotent"}], } } // IamClient is a client for interacting with Google Identity and Access Management (IAM) API. // // Methods, except Close, may be called concurrently. However, fields must not be modified concurrently with method calls. type IamClient struct { // The connection to the service. conn *grpc.ClientConn // The gRPC API client. iamClient adminpb.IAMClient // The call options for this service. CallOptions *IamCallOptions // The x-goog-* metadata to be sent with each request. xGoogMetadata metadata.MD } // NewIamClient creates a new iam client. // // Creates and manages service account objects. // // Service account is an account that belongs to your project instead // of to an individual end user. It is used to authenticate calls // to a Google API. // // To create a service account, specify the project_id and account_id // for the account. The account_id is unique within the project, and used // to generate the service account email address and a stable // unique_id. // // All other methods can identify accounts using the format // projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}. // Using - as a wildcard for the project will infer the project from // the account. The account value can be the email address or the // unique_id of the service account. func NewIamClient(ctx context.Context, opts ...option.ClientOption) (*IamClient, error) { conn, err := transport.DialGRPC(ctx, append(defaultIamClientOptions(), opts...)...) if err != nil { return nil, err } c := &IamClient{ conn: conn, CallOptions: defaultIamCallOptions(), iamClient: adminpb.NewIAMClient(conn), } c.setGoogleClientInfo() return c, nil } // Connection returns the client's connection to the API service. func (c *IamClient) Connection() *grpc.ClientConn { return c.conn } // Close closes the connection to the API service. The user should invoke this when // the client is no longer required. func (c *IamClient) Close() error { return c.conn.Close() } // setGoogleClientInfo sets the name and version of the application in // the `x-goog-api-client` header passed on each request. Intended for // use by Google-written clients. func (c *IamClient) setGoogleClientInfo(keyval ...string) { kv := append([]string{"gl-go", versionGo()}, keyval...) kv = append(kv, "gapic", versionClient, "gax", gax.Version, "grpc", grpc.Version) c.xGoogMetadata = metadata.Pairs("x-goog-api-client", gax.XGoogHeader(kv...)) } // ListServiceAccounts lists [ServiceAccounts][google.iam.admin.v1.ServiceAccount] for a project. func (c *IamClient) ListServiceAccounts(ctx context.Context, req *adminpb.ListServiceAccountsRequest, opts ...gax.CallOption) *ServiceAccountIterator { ctx = insertMetadata(ctx, c.xGoogMetadata) opts = append(c.CallOptions.ListServiceAccounts[0:len(c.CallOptions.ListServiceAccounts):len(c.CallOptions.ListServiceAccounts)], opts...) it := &ServiceAccountIterator{} req = proto.Clone(req).(*adminpb.ListServiceAccountsRequest) it.InternalFetch = func(pageSize int, pageToken string) ([]*adminpb.ServiceAccount, string, error) { var resp *adminpb.ListServiceAccountsResponse req.PageToken = pageToken if pageSize > math.MaxInt32 { req.PageSize = math.MaxInt32 } else { req.PageSize = int32(pageSize) } err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { var err error resp, err = c.iamClient.ListServiceAccounts(ctx, req, settings.GRPC...) return err }, opts...) if err != nil { return nil, "", err } return resp.Accounts, resp.NextPageToken, nil } fetch := func(pageSize int, pageToken string) (string, error) { items, nextPageToken, err := it.InternalFetch(pageSize, pageToken) if err != nil { return "", err } it.items = append(it.items, items...) return nextPageToken, nil } it.pageInfo, it.nextFunc = iterator.NewPageInfo(fetch, it.bufLen, it.takeBuf) it.pageInfo.MaxSize = int(req.PageSize) return it } // GetServiceAccount gets a [ServiceAccount][google.iam.admin.v1.ServiceAccount]. func (c *IamClient) GetServiceAccount(ctx context.Context, req *adminpb.GetServiceAccountRequest, opts ...gax.CallOption) (*adminpb.ServiceAccount, error) { ctx = insertMetadata(ctx, c.xGoogMetadata) opts = append(c.CallOptions.GetServiceAccount[0:len(c.CallOptions.GetServiceAccount):len(c.CallOptions.GetServiceAccount)], opts...) var resp *adminpb.ServiceAccount err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { var err error resp, err = c.iamClient.GetServiceAccount(ctx, req, settings.GRPC...) return err }, opts...) if err != nil { return nil, err } return resp, nil } // CreateServiceAccount creates a [ServiceAccount][google.iam.admin.v1.ServiceAccount] // and returns it. func (c *IamClient) CreateServiceAccount(ctx context.Context, req *adminpb.CreateServiceAccountRequest, opts ...gax.CallOption) (*adminpb.ServiceAccount, error) { ctx = insertMetadata(ctx, c.xGoogMetadata) opts = append(c.CallOptions.CreateServiceAccount[0:len(c.CallOptions.CreateServiceAccount):len(c.CallOptions.CreateServiceAccount)], opts...) var resp *adminpb.ServiceAccount err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { var err error resp, err = c.iamClient.CreateServiceAccount(ctx, req, settings.GRPC...) return err }, opts...) if err != nil { return nil, err } return resp, nil } // UpdateServiceAccount updates a [ServiceAccount][google.iam.admin.v1.ServiceAccount]. // // Currently, only the following fields are updatable: // display_name . // The etag is mandatory. func (c *IamClient) UpdateServiceAccount(ctx context.Context, req *adminpb.ServiceAccount, opts ...gax.CallOption) (*adminpb.ServiceAccount, error) { ctx = insertMetadata(ctx, c.xGoogMetadata) opts = append(c.CallOptions.UpdateServiceAccount[0:len(c.CallOptions.UpdateServiceAccount):len(c.CallOptions.UpdateServiceAccount)], opts...) var resp *adminpb.ServiceAccount err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { var err error resp, err = c.iamClient.UpdateServiceAccount(ctx, req, settings.GRPC...) return err }, opts...) if err != nil { return nil, err } return resp, nil } // DeleteServiceAccount deletes a [ServiceAccount][google.iam.admin.v1.ServiceAccount]. func (c *IamClient) DeleteServiceAccount(ctx context.Context, req *adminpb.DeleteServiceAccountRequest, opts ...gax.CallOption) error { ctx = insertMetadata(ctx, c.xGoogMetadata) opts = append(c.CallOptions.DeleteServiceAccount[0:len(c.CallOptions.DeleteServiceAccount):len(c.CallOptions.DeleteServiceAccount)], opts...) err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { var err error _, err = c.iamClient.DeleteServiceAccount(ctx, req, settings.GRPC...) return err }, opts...) return err } // ListServiceAccountKeys lists [ServiceAccountKeys][google.iam.admin.v1.ServiceAccountKey]. func (c *IamClient) ListServiceAccountKeys(ctx context.Context, req *adminpb.ListServiceAccountKeysRequest, opts ...gax.CallOption) (*adminpb.ListServiceAccountKeysResponse, error) { ctx = insertMetadata(ctx, c.xGoogMetadata) opts = append(c.CallOptions.ListServiceAccountKeys[0:len(c.CallOptions.ListServiceAccountKeys):len(c.CallOptions.ListServiceAccountKeys)], opts...) var resp *adminpb.ListServiceAccountKeysResponse err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { var err error resp, err = c.iamClient.ListServiceAccountKeys(ctx, req, settings.GRPC...) return err }, opts...) if err != nil { return nil, err } return resp, nil } // GetServiceAccountKey gets the [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey] // by key id. func (c *IamClient) GetServiceAccountKey(ctx context.Context, req *adminpb.GetServiceAccountKeyRequest, opts ...gax.CallOption) (*adminpb.ServiceAccountKey, error) { ctx = insertMetadata(ctx, c.xGoogMetadata) opts = append(c.CallOptions.GetServiceAccountKey[0:len(c.CallOptions.GetServiceAccountKey):len(c.CallOptions.GetServiceAccountKey)], opts...) var resp *adminpb.ServiceAccountKey err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { var err error resp, err = c.iamClient.GetServiceAccountKey(ctx, req, settings.GRPC...) return err }, opts...) if err != nil { return nil, err } return resp, nil } // CreateServiceAccountKey creates a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey] // and returns it. func (c *IamClient) CreateServiceAccountKey(ctx context.Context, req *adminpb.CreateServiceAccountKeyRequest, opts ...gax.CallOption) (*adminpb.ServiceAccountKey, error) { ctx = insertMetadata(ctx, c.xGoogMetadata) opts = append(c.CallOptions.CreateServiceAccountKey[0:len(c.CallOptions.CreateServiceAccountKey):len(c.CallOptions.CreateServiceAccountKey)], opts...) var resp *adminpb.ServiceAccountKey err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { var err error resp, err = c.iamClient.CreateServiceAccountKey(ctx, req, settings.GRPC...) return err }, opts...) if err != nil { return nil, err } return resp, nil } // DeleteServiceAccountKey deletes a [ServiceAccountKey][google.iam.admin.v1.ServiceAccountKey]. func (c *IamClient) DeleteServiceAccountKey(ctx context.Context, req *adminpb.DeleteServiceAccountKeyRequest, opts ...gax.CallOption) error { ctx = insertMetadata(ctx, c.xGoogMetadata) opts = append(c.CallOptions.DeleteServiceAccountKey[0:len(c.CallOptions.DeleteServiceAccountKey):len(c.CallOptions.DeleteServiceAccountKey)], opts...) err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { var err error _, err = c.iamClient.DeleteServiceAccountKey(ctx, req, settings.GRPC...) return err }, opts...) return err } // SignBlob signs a blob using a service account's system-managed private key. func (c *IamClient) SignBlob(ctx context.Context, req *adminpb.SignBlobRequest, opts ...gax.CallOption) (*adminpb.SignBlobResponse, error) { ctx = insertMetadata(ctx, c.xGoogMetadata) opts = append(c.CallOptions.SignBlob[0:len(c.CallOptions.SignBlob):len(c.CallOptions.SignBlob)], opts...) var resp *adminpb.SignBlobResponse err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { var err error resp, err = c.iamClient.SignBlob(ctx, req, settings.GRPC...) return err }, opts...) if err != nil { return nil, err } return resp, nil } // getIamPolicy returns the IAM access control policy for a // [ServiceAccount][google.iam.admin.v1.ServiceAccount]. func (c *IamClient) getIamPolicy(ctx context.Context, req *iampb.GetIamPolicyRequest, opts ...gax.CallOption) (*iampb.Policy, error) { ctx = insertMetadata(ctx, c.xGoogMetadata) opts = append(c.CallOptions.GetIamPolicy[0:len(c.CallOptions.GetIamPolicy):len(c.CallOptions.GetIamPolicy)], opts...) var resp *iampb.Policy err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { var err error resp, err = c.iamClient.GetIamPolicy(ctx, req, settings.GRPC...) return err }, opts...) if err != nil { return nil, err } return resp, nil } // setIamPolicy sets the IAM access control policy for a // [ServiceAccount][google.iam.admin.v1.ServiceAccount]. func (c *IamClient) setIamPolicy(ctx context.Context, req *iampb.SetIamPolicyRequest, opts ...gax.CallOption) (*iampb.Policy, error) { ctx = insertMetadata(ctx, c.xGoogMetadata) opts = append(c.CallOptions.SetIamPolicy[0:len(c.CallOptions.SetIamPolicy):len(c.CallOptions.SetIamPolicy)], opts...) var resp *iampb.Policy err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { var err error resp, err = c.iamClient.SetIamPolicy(ctx, req, settings.GRPC...) return err }, opts...) if err != nil { return nil, err } return resp, nil } // TestIamPermissions tests the specified permissions against the IAM access control policy // for a [ServiceAccount][google.iam.admin.v1.ServiceAccount]. func (c *IamClient) TestIamPermissions(ctx context.Context, req *iampb.TestIamPermissionsRequest, opts ...gax.CallOption) (*iampb.TestIamPermissionsResponse, error) { ctx = insertMetadata(ctx, c.xGoogMetadata) opts = append(c.CallOptions.TestIamPermissions[0:len(c.CallOptions.TestIamPermissions):len(c.CallOptions.TestIamPermissions)], opts...) var resp *iampb.TestIamPermissionsResponse err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { var err error resp, err = c.iamClient.TestIamPermissions(ctx, req, settings.GRPC...) return err }, opts...) if err != nil { return nil, err } return resp, nil } // QueryGrantableRoles queries roles that can be granted on a particular resource. // A role is grantable if it can be used as the role in a binding for a policy // for that resource. func (c *IamClient) QueryGrantableRoles(ctx context.Context, req *adminpb.QueryGrantableRolesRequest, opts ...gax.CallOption) (*adminpb.QueryGrantableRolesResponse, error) { ctx = insertMetadata(ctx, c.xGoogMetadata) opts = append(c.CallOptions.QueryGrantableRoles[0:len(c.CallOptions.QueryGrantableRoles):len(c.CallOptions.QueryGrantableRoles)], opts...) var resp *adminpb.QueryGrantableRolesResponse err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { var err error resp, err = c.iamClient.QueryGrantableRoles(ctx, req, settings.GRPC...) return err }, opts...) if err != nil { return nil, err } return resp, nil } // SignJwt signs a JWT using a service account's system-managed private key. // // If no expiry time (exp) is provided in the SignJwtRequest, IAM sets an // an expiry time of one hour by default. If you request an expiry time of // more than one hour, the request will fail. func (c *IamClient) SignJwt(ctx context.Context, req *adminpb.SignJwtRequest, opts ...gax.CallOption) (*adminpb.SignJwtResponse, error) { ctx = insertMetadata(ctx, c.xGoogMetadata) opts = append(c.CallOptions.SignJwt[0:len(c.CallOptions.SignJwt):len(c.CallOptions.SignJwt)], opts...) var resp *adminpb.SignJwtResponse err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { var err error resp, err = c.iamClient.SignJwt(ctx, req, settings.GRPC...) return err }, opts...) if err != nil { return nil, err } return resp, nil } // ServiceAccountIterator manages a stream of *adminpb.ServiceAccount. type ServiceAccountIterator struct { items []*adminpb.ServiceAccount pageInfo *iterator.PageInfo nextFunc func() error // InternalFetch is for use by the Google Cloud Libraries only. // It is not part of the stable interface of this package. // // InternalFetch returns results from a single call to the underlying RPC. // The number of results is no greater than pageSize. // If there are no more results, nextPageToken is empty and err is nil. InternalFetch func(pageSize int, pageToken string) (results []*adminpb.ServiceAccount, nextPageToken string, err error) } // PageInfo supports pagination. See the google.golang.org/api/iterator package for details. func (it *ServiceAccountIterator) PageInfo() *iterator.PageInfo { return it.pageInfo } // Next returns the next result. Its second return value is iterator.Done if there are no more // results. Once Next returns Done, all subsequent calls will return Done. func (it *ServiceAccountIterator) Next() (*adminpb.ServiceAccount, error) { var item *adminpb.ServiceAccount if err := it.nextFunc(); err != nil { return item, err } item = it.items[0] it.items = it.items[1:] return item, nil } func (it *ServiceAccountIterator) bufLen() int { return len(it.items) } func (it *ServiceAccountIterator) takeBuf() interface{} { b := it.items it.items = nil return b }